ICSE 2025
Sat 26 April - Sun 4 May 2025 Ottawa, Ontario, Canada

This marks the 6th edition of the International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) at the ICSE conference.

For industrial critical systems, although the previous premises of increasing system interconnectivity, decentralization, and introduction of new, more intelligent technologies still hold true, there is an increased societal awareness with regards to cybersecurity. This has led to clearer regulation, sharper requirements, and higher expectations for industry. At the same time, the availability of readily deployable competence, methods, tools, and solutions is lacking, which should be considered a critical societal risk.

In the current international political climate, cyber security, and safety of critical infrastructures across industry, are more important than ever before. The EnCyCriS workshop facilitates discourse and discussion amongst researchers, practitioners, and students who are working on challenges and solutions related to industrial critical infrastructure. It has a particular focus on sharing industry experience and project results pertaining to cyber threats on critical systems, secure systems engineering, and attack detection and response mechanisms.

Previous editions

Plenary
You're viewing the program in a time zone which is different from your device's time zone change time zone

Sat 3 May

Displayed time zone: Eastern Time (US & Canada) change

07:00 - 17:00
09:00 - 10:30
Keynote speech and papers session 1EnCyCriS at 206
Chair(s): John Eidar Simensen IFE
09:00
5m
Day opening
Workshop Opening
EnCyCriS
Coralie Esnoul Institute For Energy Technology (IFE)
09:05
55m
Keynote
Keynote: Cyber operations at the speed of trust - by Colonel (Retired) Daniel Blanc
EnCyCriS
K: Colonel Daniel Blanc CAFCYBERCOM (retired)
10:00
20m
Paper
Engineering Out Industry 4.0 Cyber Risk
EnCyCriS
Benjamin Lampe Idaho National Laboratory, Patience Yockey Idaho National Laboratory, Virginia Wright Idaho National Laboratory
10:20
10m
Other
Group Picture
EnCyCriS

10:30 - 11:00
10:30
30m
Break
Saturday Morning Break
Catering

11:00 - 12:30
Paper session 1 - continuedEnCyCriS at 206
Chair(s): Ita Ryan University College Cork
11:00
20m
Paper
Cyberspace Vigilante or Security Sleuth: Understanding Who Threat Hunters Are
EnCyCriS
Samantha Hill University of Victoria, Alessandra Maciel Paz Milani University of Victoria, Callum Curtis University of Victoria, Arty Starr University of Victoria, Enrique Larios Vargas University of Victoria, Marcus Dunn University of Victoria, Margaret-Anne Storey University of Victoria
11:20
20m
Paper
Enhanced Detection of Code Vulnerability with Synergy between Data-Driven, Rule-Based and Unsupervised Learnings
EnCyCriS
Hibah Mohammed Ghouse Hubspot, Samiha Shimmi Northern Illinois University, Mona Rahimi Northern Illinois University
11:40
20m
Paper
Evaluating the Integration of Aurora zkSNARK in the Zupply Framework
EnCyCriS
Mohammadtaghi Badakhshan University of Waterloo, Guang Gong University of Waterloo
12:00
30m
Panel
Panel based discussions and open questions - morning session
EnCyCriS

12:30 - 14:00
13:15
45m
Lunch
Saturday Lunch
Catering

14:00 - 15:30
Paper session 2 and panel questionsEnCyCriS at 206
Chair(s): Eunkyoung Jee KAIST, South Korea
14:00
20m
Paper
RANDART: A Hybrid Approach Leveraging File Traps and Registry Monitoring to Thwart Crypto Ransomware on Windows Endpoints
EnCyCriS
P. Mohan Anand Indian Institute of Technology Kanpur, India, P.V. Sai Charan New York University, USA, Hrushikesh Chunduri Indian Institute of Technology Kanpur, India, Sandeep K. Shukla Indian Institute of Technology Kanpur
14:20
20m
Paper
Static Analysis of IoT Firmware: Identifying Systemic Vulnerabilities with RMMIDL
EnCyCriS
Ahmad Al-Zuraiqi Queen's University Belfast, UK, Desmond Greer Queens University 
14:40
45m
Panel
Panel based discussions and open questions - afternoon session
EnCyCriS

15:25
5m
Day closing
Workshop Closure
EnCyCriS
Coralie Esnoul Institute For Energy Technology (IFE)
15:30 - 16:00
15:30
30m
Break
Saturday Afternoon Break
Catering

Hide past events

Call for Papers

EnCyCriS invites contributions from research scholars and practitioners working on challenges and solutions for engineering and cybersecurity of critical software-based systems on the following topics:

  • Practical safety and security co-engineering – challenges and solutions for critical infrastructure and industrial software-intensive systems.
  • Threat and vulnerability identification and impact estimation to respond to adverse cyber events, using models, simulations, and digital twins.
  • The role, impact, and unsolved challenges of human, technological and organizational participants in the cybersecurity of critical infrastructures and complex sociotechnical systems.
  • Systems and software development - the impact and importance of human factors on the cyber resilience of operational technology and information technology systems and infrastructures.

Topics are not limited to those listed above; all relevant papers will be considered. We accept position, research, and industrial experience papers. We highly value industrial experience and lessons learned, including academic papers with industrially applied research artefacts. This workshop facilitates discourse and discussions among researchers, practitioners, and students who are working on challenges and solutions related to the 4th industrial revolution, with a particular focus on sharing industry experience and project results pertaining to cyber threats on critical systems; secure software engineering; and attack detection and response mechanisms. We highly value industrial experience and lessons learned, and academic papers where research artefacts have been applied in an industrial context.

Submission

We accept submission of research papers of 8 pages maximum length as well as position papers & short papers of 4 to 6 pages length, and industry experiences and challenges papers of 4 to 6 pages. The paper format of the Workshop’s paper must follow the IEEE formatting guidelines. Paper Submission Webpage: https://encycris-2025.hotcrp.com/

UPDATE: submission extended until November 20th.

With the aim of further strengthening the relevance of cybersecurity research for critical infrastructures, whilst being relevant and useful to industry, the following workshop research objectives are suggested:

  • Integrated safety and security software engineering processes and methods for critical infrastructures that enable coordination among different stakeholders, including several teams and personnel with different competencies, and continuous integration of new and emerging technologies.
  • Threat landscape for digital systems’ software in critical infrastructure and the modelling of cyber-attack scenarios for digital systems’ architecture and inter-dependencies. This includes accurate software architecture design model specifications that facilitate cybersecurity and Reliability, Availability, Maintainability and Safety (RAMS) assessment. Models should support effective communication of threats, vulnerabilities, risks, and potential mitigations to relevant stakeholders to support decision-making.
  • The role and impact of black and grey-box technologies such as AI, machine-learning algorithms, off-the-shelf components (COTS), and supply chain elements, including third party services, on the cybersecurity of critical infrastructures. How do we estimate and handle the vulnerabilities potentially introduced by black-box technologies to achieve and maintain acceptable levels of risk throughout the life cycle of software, components, systems and solutions? How do we enable and empower stakeholders to address emerging threats and developing vulnerabilities more dynamically, with the aim of achieving greater resilience?
  • The applications of digital twins, Artificial Intelligence (AI), Hardware-In-the-Loop test beds, simulators and/or emulators, and algorithms developed for cyber security purposes in critical infrastructures, especially to understand the consequences of a cyber-attack at an overall system level. Evaluate the effectiveness of the risk models, detection and response tools, and/or methods developed.
  • The impact and importance of human factors in critical infrastructures systems and software development and operations, throughout the lifecycle of critical systems. How to prepare stakeholders such as developers, system operators and organizations to best handle unforeseen and unpredictable adverse cyber situations and events? How to overcome shortcomings in existing tools, methods, competence, and standards and regulations when planning and implementing cyber security response mechanisms and solutions.

The workshop topical areas

  • Practical safety and security co-engineering - challenges and solutions for critical infrastructure and industrial software-intensive systems.
  • Threat and vulnerability identification and impact estimation for response of cyber effects on software and hardware of critical infrastructures using models, simulations, and digital twins.
  • The role, impact, and unsolved challenges of human, technology and organization in cybersecurity of critical infrastructures and complex socio-technical systems.
  • Systems and software development - the impact and importance of human factors on the cyber resilience of operational technology and information technology systems and infrastructures.

The topics given above serve as guidance for the focus of the workshop and should not be seen as absolute. Adaptations to the workshop may be expected depending on the paper contributions and participants’ profiles.